Record number of phishing sites seen for July

Cybercriminals created a record number of phishing Web sites in July and also hijacked a record number of brands to help them do their work, a consortium that monitors online fraud said Monday.

The number of phishing sites — or fraudulent Web sites try to fool people into handing over sensitive personal information — rose to 14,191 in July, an 18 percent increase over May, the previous all-time high, said the Anti-Phishing Working Group (APWG).

The fraudulent sites mimicked a record 154 brands, up 20 percent over June and 12 percent over the previous high, also recorded in May, APWG said.

The latest figures show that online criminals are diversifying to target smaller financial institutions, Internet service providers and even government agencies, the group said. However, the financial services industry is still targeted the most, with more than nine out of 10 phishing sites aimed at that sector.

The technical sophistication of phishing attacks is also increasing. APWG said that 1,850 phishing sites attempted to download a Trojan horse, a program that conceals itself in another, harmless-looking file but can be used to harvest personal information or download other malicious programs to an infected computer.

APWG also said that one security vendor, Websense, detected special toolkits for sale on Russian Web sites to construct this kind of attack when a user visits a Web page. They can be fairly cheap, too: prices range from US$20 to $300, APWG said.

Also on the rise are “traffic redirector” Trojans, which force users to certain Web sites without their consent, APWG said.

Overall, the United States hosts nearly 30 percent of all phishing sites, followed by South Korea at 13 percent and China at 12 percent, APWG figures showed.